Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add ZeekPortWarning plugin #51

Merged
merged 3 commits into from
Feb 24, 2023
Merged

Add ZeekPortWarning plugin #51

merged 3 commits into from
Feb 24, 2023

Conversation

awelzel
Copy link
Contributor

@awelzel awelzel commented Feb 24, 2023

@ckreibich - think that does it?

$ sudo ./bin/zeekctl 
WARNING: ********************************************************************************
WARNING: You're using Linux with the default ZeekPort setting 47760. This configuration
WARNING: is know to cause persistent worker failures with error messages as follows:
WARNING: 
WARNING:     error in <...>/cluster/setup-connections.zeek, lines 94-96: Failed to listen on INADDR_ANY:47764 (...)
WARNING: 
WARNING: Starting with Zeek 5.2, the default ZeekPort used by zeekctl will
WARNING: change from 47760 to 27760 in order to avoid potential port collisions
WARNING: with other processes due to 47760 falling right into Linux's default
WARNING: ephemeral port range.
WARNING: 
WARNING: Consider changing the ZeekPort option in your zeekctl.cfg to 27760
WARNING: now to prepare for this change. Doing so will silence this warning.
WARNING: 
WARNING:     ZeekPort = 27760
WARNING: 
WARNING: Note, if you're employing strict firewall rules between Zeek nodes,
WARNING: you'll likely need to update these rules. If you're using Zeek on
WARNING: a single physical host, no further action should be required.
WARNING: If possible do test the change in a non-production environment.
WARNING: 
WARNING: To silence this warning without changing the ZeekPort option,
WARNING: set zeek_port_warning.disable = 1 in zeekctl.cfg.
WARNING: 
WARNING: See the following PR for more details:
WARNING:     https://github.com/zeek/zeekctl/pull/41
WARNING: 
WARNING: Feel free to reach out on zeekorg.slack.com or community.zeek.org if
WARNING: you have any questions around this change.
WARNING: ********************************************************************************

Feel free to do any word-smithing in the PR.

@awelzel
build-zeek: Enable ccache when available
264e231
@awelzel
build-zeek: I think realpath should do
3d534be
@awelzel
Add a new ZeekPortWarning plugin
f43ec1e 
This was discussed on Slack:

1) The issue is pressing enough to actively warn users about it when
   starting zeekctl.

2) We should prepare users for the change in default coming with
   Zeek 5.2. We're a bit late here, but still reasonable for 5.0
   to 6.0 upgrades.

This change should be included into a Zeek 5.0.x maintenance release.
@awelzel awelzel merged commit 266890a into master Feb 24, 2023
@awelzel awelzel deleted the topic/awelzel/zeek-port-warning-banner branch February 24, 2023 18:00
@awelzel awelzel mentioned this pull request Feb 24, 2023
Open
@awelzel
Copy link
Contributor Author

awelzel commented Feb 24, 2023

Placed it here: zeek/zeek#724

@timwoj - fyi, anything I can help to get this into the next 5.0.x, let me know.

@awelzel awelzel mentioned this pull request Apr 5, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ckreibich ckreibich ckreibich approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@awelzel @ckreibich